It’s no secret that large retailers like Amazon and Walmart have leveraged the incredible power of big data to tailor their customer experience and increase revenue, even amidst the dynamic market conditions of the COVID-19 pandemic. Brick-and-mortar and e-commerce giants alike are benefiting from a streamlined checkout process, specific targeted ads and promotions, and innovative ways to leverage data with machine learning and artificial intelligence algorithms that increase the likelihood of converting casual browsers into regular – and even lifetime – customers.
Unfortunately, with the power of customer data comes corresponding risk. Nearly half of US consumers do not feel they have control over their personal data, and less than 25% of organizations in 2019 had optimally integrated a data privacy plan with their business planning strategies. With one third of companies expecting that a data breach will take place in the next two years, how can retailers keep using their critical customer data without damaging their brand or losing their customers’ trust when that breach happens?
Data security is critical, but not enough. Increasing regulations like the GDPR, the CCPA, and the Brazilian LGPD are all at the forefront of a trend to keep more strict control and protection of consumer data. Traditional security measures like firewalls, access control and traffic monitoring remain important, but cannot protect data from malicious attacks or inadvertent breaches when in use, let alone adhere to the myriad rules and regulations around what constitutes appropriately protecting personal data. Many of these regulations insist that data retention is safest when it is de-identified, meaning a customer can no longer positively or reasonably be identified even when combining different pieces of data about them together.
So how is it done? The answer is, perhaps unsurprisingly, it depends on the context:
Offering a range of techniques that allow you to de-identify and, in some cases, re-identify data provides the most power during analysis and most often complies with regulations such as the GDPR, mandating that the data must be “anonymized” before it can be safely respect a consumer’s right to be forgotten.
Retailers often have dozens of systems, all with critical information on customer buying trends and habits: point-of-sale systems, CRM systems, email lists, loyalty programs, etc. When this data is safely de-identified and combined, it can yield even sharper analysis that allows the enterprise to specifically tailor promotions to certain demographics, regions, or people with specific purchasing histories.
Given how spread out this data originally was, it often doesn’t make sense to re-identify the data once run through a machine learning system. The more stakeholders who have access to the data, the higher the risk of inadvertent or malicious breach. So what’s a retailer to do?
Privitar controls the ability to re-identify the data for only a specific subset of the organization. For example, a target demographic is identified and a list of re-identified customers sent to the Online Promotions team to craft a specific campaign strategy for a group of customers. Protecting the data while in use ensures compliance with regulations, and re-identifying it more locally for only the team that needs to act on it to enhance revenue reduces risk.
Retailers often have many different departments with different, conflicting goals. Some may focus on enhancing upsell/cross-selling opportunities, some on reducing customer churn, or others on streamlining the organization’s omnichannel experience end-to-end. Linking the data, however, is a very real risk for organizations trying to ensure regulatory compliance and reduce the likelihood of their customer base being re-identified by an outsider when piecing together de-identified information.
Privitar’s unique Protected Data Domain™ technology provides a seamless way to de-identify sets of data for specific analysis, ensuring they cannot be linked to other subsets from the same or similar sensitive data sources. You can give one team access to a set of de-identified data for analysis on how to reduce customer churn, and know you are protected against those tables being combined with those in use by the team looking to enhance upselling or cross-selling opportunities.
Particularly in the current market climate, with rapidly changing conditions and market demand, it can be tricky to take into account the most recent data.
This could mean handling data in batches, data in use during each time it is used in algorithms for analysis, or even on demand. Making sure that de-identification is used in a way that makes the most sense for your organization to respond swiftly to market changes and maintain this architectural flexibility is critical to ensure success.
As organizations continue to scale, automation of data privacy processes and techniques become more critical – particularly since many retailers have so many distinct and important sources of customer data.
For example, if you have a customer’s demographic data, shopping history or preferences and want to use it in a regular quarterly analysis to determine the next best campaigns to run, you can leverage Privitar’s set of REST APIs to automate the de-identification of this data set to centrally determined policies.
This will create a Protected Data Domain without the need for manual intervention every time. Or, add manual points in the process to leverage more personal control – save time when and if it makes sense in the context of your architecture, business processes and needs.
Given the risks associated with a data breach or regulatory violation, it is critical to ensure that each set of data is appropriately tracked and identified for a specific purpose. With Privitar Watermarks™, each Protected Data Domain contains an indelible “fingerprint” that is married to the metadata, is encoded in the data itself, and is tamper tolerant. This Watermark provides the ability to track why the data was created, by whom, and for whom, along with an expiration date on the dataset. It is a powerful tool to leverage when data breaches do happen to quickly identify when and where the breach occurred, and even acts as a way to ensure an organization’s employees are increasingly careful with the data they manage.
Failing to use critical retail customer insights, particularly in such a rapidly changing market, is a recipe for failure. Exposing customers to a data breach or failing to comply with government regulations is a recipe for disaster. Thankfully, with Privitar you don’t have to choose – de-identify your data safely, consistently and contextually to ensure the most thorough analyses and secure the strongest competitive advantages.
Ready to Learn More? Ask us for a Demo!
Note: A modified version of this piece appeared in Total Retail.